Security Vulnerability – Anonymous Access to Exalate for Jira Cloud and Exalate for Salesforce

    Note: Exalate cloud nodes have already been updated unless pinned to a certain version.  

    Details of the Vulnerability

    On Wednesday, October 5, 2022 – we discovered a critical vulnerability in Exalate allowing unauthorized access to Exalate Console.  

    The vulnerability affects Exalate for Jira Cloud (5.3.4 and earlier) and Exalate for SalesForce (5.4.1 and earlier)

    The problem has been fixed in: 

    • Exalate for Jira cloud version  5.3.5
    • Exalate for Salesforce version 5.4.1

    Check the release history for the details here

    I'm on Jira Cloud and the version of the addon in the 'manage app' section is 4.1.10-AC 

    The version displayed in the manage app section is the version of the 'connect file', and has nothing to do with the version of the exalate node itself.
    The version of the exalate node can be found at the bottom of any page of the exalate console

    I'm on Jira On Premise, should I upgrade the app?

    No - the exalate for Jira on-premise is not affected by this vulnerability.  There is no need to upgrade the app.

    How to Deploy the Vulnerability Fix?

    • Exalate nodes deployed on the Exalate cloud which have not been pinned to a certain version have already been updated.
    • Exalate nodes pinned to a certain version - please reach out to your customer success manager for agreeing on the upgrade path.
    • Exalate deployed on-premise (through a docker install) will require an upgrade.

    If you have any questions, please feel free to raise a support request on our support portal here.